feature-lifecycle
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of external Python scripts located in the user's home directory (
~/.claude/scripts/), such asfeature-state.py,learning-db.py, andadr-query.py. These scripts are used for state management and tracking across different phases of the feature lifecycle. - [COMMAND_EXECUTION]: It executes a wide range of system utilities and developer tools through the Bash tool, including
gitfor branch management,gh(GitHub CLI) for pull request creation, and various build/test tools likemake,npm,pytest, andruffduring the validation phase. - [DATA_EXFILTRATION]: During the release phase, the skill uses the
gh pr createcommand to transmit local branch descriptions, code summaries, and testing results to GitHub. This is an intentional part of the workflow but constitutes an external transmission of project data. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection in the design phase (
references/design.md), where it automatically scans and incorporates content from.seeds/index.jsonbased on fuzzy keyword matching. - Ingestion points: Processes untrusted content from
.seeds/index.jsonand user-provided feature descriptions. - Boundary markers: Absent; the skill lacks delimiters or instructions to ignore embedded malicious prompts within the seed data.
- Capability inventory: Possesses significant capabilities including file system access (
Read,Write), shell execution (Bash), and the ability to dispatch sub-agents (Agent,Task). - Sanitization: No sanitization or validation of the ingested seed content is performed before it is used to influence design decisions.
Audit Metadata